From 8bbbb1681a018558e9d63e6f484742b077a38ba3 Mon Sep 17 00:00:00 2001
From: Christophe Haen
Date: Fri, 17 May 2024 10:00:44 +0200
Subject: [PATCH] fix tests
---
 .../src/diracx/routers/utils/users.py | 2 +-
 .../tests/auth/test_legacy_exchange.py | 2 +-
 .../tests/jobs/test_wms_access_policy.py | 86 +++++++++++++++----
 3 files changed, 72 insertions(+), 18 deletions(-)
diff --git a/diracx-routers/src/diracx/routers/utils/users.py b/diracx-routers/src/diracx/routers/utils/users.py
index b85f9893..e313e143 100644
--- a/diracx-routers/src/diracx/routers/utils/users.py
+++ b/diracx-routers/src/diracx/routers/utils/users.py
@@ -26,7 +26,7 @@ class AuthInfo(BaseModel):
 # list of DIRAC properties
 properties: list[SecurityProperty]
- policies: dict[str, Any]
+ policies: dict[str, Any] = {}
 class AuthorizedUserInfo(AuthInfo, UserInfo):
diff --git a/diracx-routers/tests/auth/test_legacy_exchange.py b/diracx-routers/tests/auth/test_legacy_exchange.py
index 6dc14a73..78e3a053 100644
--- a/diracx-routers/tests/auth/test_legacy_exchange.py
+++ b/diracx-routers/tests/auth/test_legacy_exchange.py
@@ -9,7 +9,7 @@ DIRAC_CLIENT_ID = "myDIRACClientID"
 pytestmark = pytest.mark.enabled_dependencies(
- ["AuthDB", "AuthSettings", "ConfigSource"]
+ ["AuthDB", "AuthSettings", "ConfigSource", "BaseAccessPolicy"]
 )
diff --git a/diracx-routers/tests/jobs/test_wms_access_policy.py b/diracx-routers/tests/jobs/test_wms_access_policy.py
index f756ef7c..32587c06 100644
--- a/diracx-routers/tests/jobs/test_wms_access_policy.py
+++ b/diracx-routers/tests/jobs/test_wms_access_policy.py
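Review bot: In `AuthInfo` (users.py), giving `policies` a default of `{}` means an object built from a payload with no `policies` key now validates instead of failing, and this relaxation lands in production code under a commit titled "fix tests". Whether an empty policy map is the safe outcome depends on the enforcement code, which is outside this patch; if a missing value should be rejected, keep the field required and pass `policies={}` explicitly from the test payloads. If the default is intended, and assuming `BaseModel` is pydantic's, `policies: dict[str, Any] = Field(default_factory=dict)` plus a one-line comment stating what an empty map means for authorization would make the choice explicit. The start of the class body is outside the hunk.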
@@ -26,20 +26,29 @@ def job_db():
 yield FakeDB()
+POLICY_NAME = "WMSAccessPolicy_AlthoughItDoesNotMatter"
+
+
 async def test_wms_access_policy_weird_user(job_db):
 """USer without NORMAL_USER or JOB_ADMINISTRATION can't do anything"""
 weird_user = AuthorizedUserInfo(properties=[], **base_payload)
 with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
 await WMSAccessPolicy.policy(
- weird_user, action=ActionType.CREATE, job_db=job_db
+ POLICY_NAME, weird_user, action=ActionType.CREATE, job_db=job_db
 )
 with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
- await WMSAccessPolicy.policy(weird_user, action=ActionType.QUERY, job_db=job_db)
+ await WMSAccessPolicy.policy(
+ POLICY_NAME, weird_user, action=ActionType.QUERY, job_db=job_db
+ )
 with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
 await WMSAccessPolicy.policy(
- weird_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ weird_user,
+ action=ActionType.READ,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
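Review bot: `POLICY_NAME` is introduced without a comment, and its value only says the name "does not matter", so a reader cannot tell from the tests what the new first argument of `WMSAccessPolicy.policy` is for. I would add `# Policy name passed as the first argument of WMSAccessPolicy.policy; these checks are not expected to depend on its value` above the constant. The same argument is threaded by hand into every call in this file (all later hunks), so a single wrapper such as `check = functools.partial(WMSAccessPolicy.policy, POLICY_NAME)` would confine the next signature change to one line. If the implementation ever uses the name in its decision, these assertions would need a real registered name; that is an inference, since the policy code is not part of this patch.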
@@ -51,21 +60,31 @@ async def test_wms_access_policy_create(job_db):
 # You can't create and give job_ids at the same time
 with pytest.raises(NotImplementedError):
 await WMSAccessPolicy.policy(
- normal_user, action=ActionType.CREATE, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ normal_user,
+ action=ActionType.CREATE,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
 with pytest.raises(NotImplementedError):
 await WMSAccessPolicy.policy(
- admin_user, action=ActionType.CREATE, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ admin_user,
+ action=ActionType.CREATE,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
 # An admin cannot create any resource
 with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
 await WMSAccessPolicy.policy(
- admin_user, action=ActionType.CREATE, job_db=job_db
+ POLICY_NAME, admin_user, action=ActionType.CREATE, job_db=job_db
 )
 # A normal user should be able to create jobs
- await WMSAccessPolicy.policy(normal_user, action=ActionType.CREATE, job_db=job_db)
+ await WMSAccessPolicy.policy(
+ POLICY_NAME, normal_user, action=ActionType.CREATE, job_db=job_db
+ )
 ##############
@@ -77,15 +96,25 @@ async def test_wms_access_policy_query(job_db):
 # You can't create and give job_ids at the same time
 with pytest.raises(NotImplementedError):
 await WMSAccessPolicy.policy(
- normal_user, action=ActionType.QUERY, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ normal_user,
+ action=ActionType.QUERY,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
 # this does not trigger because the admin can do anything
 await WMSAccessPolicy.policy(
- admin_user, action=ActionType.QUERY, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ admin_user,
+ action=ActionType.QUERY,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
- await WMSAccessPolicy.policy(normal_user, action=ActionType.QUERY, job_db=job_db)
+ await WMSAccessPolicy.policy(
+ POLICY_NAME, normal_user, action=ActionType.QUERY, job_db=job_db
+ )
 async def test_wms_access_policy_read_modify(job_db, monkeypatch):
@@ -95,12 +124,17 @@ async def test_wms_access_policy_read_modify(job_db, monkeypatch):
 for tested_policy in (ActionType.READ, ActionType.MANAGE):
 # The admin can do anything
 await WMSAccessPolicy.policy(
- admin_user, action=tested_policy, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ admin_user,
+ action=tested_policy,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
 # We must give job ids
 with pytest.raises(NotImplementedError):
 await WMSAccessPolicy.policy(
+ POLICY_NAME,
 normal_user,
 action=tested_policy,
 job_db=job_db,
@@ -113,12 +147,20 @@ async def summary_matching(*args):
 monkeypatch.setattr(job_db, "summary", summary_matching)
 await WMSAccessPolicy.policy(
- normal_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ normal_user,
+ action=ActionType.READ,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
 # The admin can do anything
 await WMSAccessPolicy.policy(
- admin_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ admin_user,
+ action=ActionType.READ,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
 # Jobs belong to somebody else
@@ -128,7 +170,11 @@ async def summary_other_owner(*args):
 monkeypatch.setattr(job_db, "summary", summary_other_owner)
 with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
 await WMSAccessPolicy.policy(
- normal_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ normal_user,
+ action=ActionType.READ,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
 # Jobs belong to somebody else
@@ -138,7 +184,11 @@ async def summary_other_vo(*args):
 monkeypatch.setattr(job_db, "summary", summary_other_vo)
 with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
 await WMSAccessPolicy.policy(
- normal_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ normal_user,
+ action=ActionType.READ,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )
 # Wrong job count
@@ -148,5 +198,9 @@ async def summary_other_vo(*args):
 monkeypatch.setattr(job_db, "summary", summary_other_vo)
 with pytest.raises(HTTPException, match=f"{status.HTTP_403_FORBIDDEN}"):
 await WMSAccessPolicy.policy(
- normal_user, action=ActionType.READ, job_db=job_db, job_ids=[1, 2, 3]
+ POLICY_NAME,
+ normal_user,
+ action=ActionType.READ,
+ job_db=job_db,
+ job_ids=[1, 2, 3],
 )